Re: Blocking spoofing at the source (was: ICMP Attacks??)

[Joe Rhett <jrhett () ISite Net>]

> > This won't work on anything with multiple diverse paths. And I don't know
> > many companies with their own WANs that don't have such.
 
> This rule could be made to work only on links that aren't doing any dynamic
> routing protocols, which makes it useful for things like dialup servers.
> Since it becomes next to impossible to filter at the core router level, I 
> think the proper place to do this is at the edge of the network (dialup 
> servers, static-routed links back to customers), rather than the center.
 
You're assuming that all non-Internet networks have cores. Very untrue.

-- 
Joe Rhett                                                 Systems Engineer
JRhett () ISite Net                                          ISite Services

PGP keys and contact information:     http://www.navigist.com/Staff/JRhett